[governance] DNSSEC and War

Yehuda Katz yehudakatz at mailinator.com
Tue Aug 12 22:11:06 EDT 2008


Russian Cyber Attacks Shut Down Georgian Websites 
By Stefanie Hoffman, ChannelWeb 
7:22 PM EDT Tue. Aug. 12, 2008 

Art. Ref.: http://www.crn.com/security/210003057

Following just six days after the initiation of the Georgia-Russian conflict,
the Georgian Internet became the target of a coordinated cyber attack, which
compromised several government Websites with defacement and Denial of Service
attacks, crippling the nation's ability to disseminate information. 
Georgian President Mikheil Saakashvili's site was defaced, integrating his
image with those of Hitler. The sabotage was followed by a DDoS attack that
left the presidential site inaccessible. 

Denial of service attacks are conducted when a coordinated network of computers
sends multiple requests to a given server or computer at exactly the same time,
which subsequently shuts down the targeted computer under the barrage of
incoming requests. 

Meanwhile, Georgian news sites and other popular information forums were also
blocked during the attack. 

"As more government services move toward the Internet, you end up with more
exposure to these types of attack, whether it was an organization and executed
by government or criminal elements acting at somebody's direction," said Kevin
Newmeyer, worldwide principal for strategic security and counter terrorism for
security company Unisys (NYSE:UIS). "It's hard to prove it was a
government-directed operation." 

The attacks ultimately prompted the Georgian governmental sites to switch to
U.S. based hosts, while Georgia's Ministry of Foreign Affairs moved to a
blogspot account. 

The exact sources of the attacks are yet unknown. Experts say that some ISPs
appear to be sourced in Russia, and some speculate that the Russian government
had used its resources to fund the attack, which was launched the day before
Russia drove tanks into South Ossetia. 

Other unconfirmed reports suggest that members of the cybercrime organization
Russian Business Network are responsible for the coordinated sabotage of the
Georgian Websites. 

"It looks like it was coming from Russia, or is it a co-opted server that
wasn't properly patched, with people taking over the computer and doing things
with it?" said Newmeyer. "With the Russian Business Network, you can rent out a
server or a botnet for a number of hours. You pay your cyber gold and these
transactions happen offshore. That's one of the challenges that governments
face." 

Other experts, such as Paul Ferguson, advanced threats researcher for Trend
Micro, maintained that the actual RBN ISP has long been shut down, disbanding
into less obvious activity spread all over the globe. 

The first of the coordinated cyber attacks against Georgia was detected in
July, weeks before Russia launched its military intervention. Experts say that
attacks launched in tandem with military conflict will likely increase as more
global infrastructure is controlled by the Internet. 

While experts hesitate to call the Georgia attack an act of cyber terrorism,
most agree that it was part of a strategic campaign to eliminate Georgia's
ability to disseminate information. 

"It's a brute force attack, one that goes all the way back to the Mafiaboy
attacks of 2000," said David Perry, global director of education for Trend
Micro. "This is not a verifiable cyber war, but it is clearly a step in that
direction." 

The attacks recall a similar cyber attack in Estonia in April of 2007, when
government, parliament, and newspaper sites, as well as numerous online banking
operations were shut down after a conflict that resulted in the removal of
several Russian World War II monuments. However, experts contend that the
recent information attack on Georgian Websites was more coordinated,
professional and sophisticated in nature than last year's attack on Estonia
infrastructure. 

"The Estonia incident was more what I would call hacktivism, more of an attack
by impassioned amateurs," said Ferguson. "This is a professional attack, and it
is vastly more serious." 

--

Of what value is it, knowing who started the War?
The question is - Can DNSSEC prevent Wars?

Re: DNSSEC
http://en.wikipedia.org/wiki/DNSSEC

---
End

-30-